Posted on March 6

Amazon Linux 2023: CVE-2024-29506: Medium priority package update for ghostscript

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published: 07/03/2024
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025

Description

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.

A flaw was found in Ghostscript. The `PDFDEBUG` flag controls the value of `ctx->args.debug`. In `pdfi_apply_filter`, this issue enables the execution of a `memcpy` into a stack buffer, without bounds checks. A filter name larger than 100 will overflow the `str` buffer, which may lead to an application crash or other unexpected behavior.

Solution(s)

- amazon-linux-2023-upgrade-ghostscript
- amazon-linux-2023-upgrade-ghostscript-debuginfo
- amazon-linux-2023-upgrade-ghostscript-debugsource
- amazon-linux-2023-upgrade-ghostscript-doc
- amazon-linux-2023-upgrade-ghostscript-gtk
- amazon-linux-2023-upgrade-ghostscript-gtk-debuginfo
- amazon-linux-2023-upgrade-ghostscript-tools-dvipdf
- amazon-linux-2023-upgrade-ghostscript-tools-fonts
- amazon-linux-2023-upgrade-ghostscript-tools-printing
- amazon-linux-2023-upgrade-ghostscript-x11
- amazon-linux-2023-upgrade-ghostscript-x11-debuginfo
- amazon-linux-2023-upgrade-libgs
- amazon-linux-2023-upgrade-libgs-debuginfo
- amazon-linux-2023-upgrade-libgs-devel

References

- https://attackerkb.com/topics/cve-2024-29506
- CVE-2024-29506
- https://alas.aws.amazon.com/AL2023/ALAS-2024-692.html
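The bug class from the Description, as an added C example (not Ghostscript's source and not part of the original advisory): a debug-path copy of a filter name into a 100-byte stack buffer, first unchecked, then clamped to the destination size. The function names, the `DEBUG_NAME_BUF` constant and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEBUG_NAME_BUF 100 /* buffer size taken from the advisory text */

/* Unsafe pattern (illustrative, never called here): the length comes from
 * the input, so a long name writes past the end of str. */
void debug_name_unchecked(const unsigned char *name, size_t len)
{
    char str[DEBUG_NAME_BUF];
    memcpy(str, name, len);
    str[len] = '\0';
    fprintf(stderr, "filter name: %s\n", str);
}

/* Hardened form: clamp to dst_size - 1, always NUL-terminate; returns bytes copied. */
size_t debug_name_bounded(char *dst, size_t dst_size, const unsigned char *name, size_t len)
{
    if (dst == NULL || dst_size == 0)
        return 0;
    if (name == NULL)
        len = 0;
    if (len > dst_size - 1)
        len = dst_size - 1;
    if (len > 0)
        memcpy(dst, name, len);
    dst[len] = '\0';
    return len;
}

/* Constructed input of name_len 'A' bytes; returns bytes copied, or (size_t)-1 if the guard byte changed. */
size_t demo_copy(size_t name_len)
{
    unsigned char name[4096];
    struct { char str[DEBUG_NAME_BUF]; char guard; } frame;
    size_t n;
    if (name_len > sizeof name) name_len = sizeof name;
    memset(name, 'A', name_len);
    frame.guard = 0x5a;
    n = debug_name_bounded(frame.str, sizeof frame.str, name, name_len);
    return frame.guard == 0x5a ? n : (size_t)-1;
}

int main(void)
{
    printf("5 -> %zu, 300 -> %zu\n", demo_copy(5), demo_copy(300));
    return 0;
}
```

Truncating is acceptable here because the copy only feeds a debug message; a code path that needs the full name should reject over-long input instead.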